Simple webhook to block exploitation of CVE-2022-0811

webhook-cve-2022-0811

This is a really simple webhook that just blocks pod creation if malicious sysctl values are configured.

Build

go test
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build

Build image and deploy in Minikube

Start minikube:

minikube start
minikube addons enable registry

Build:

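podman build -t localhost:5000/webhook-cve-2022-0811:latest .
# push the locally tagged image to the minikube registry
podman push --tls-verify=false localhost:5000/webhook-cve-2022-0811:latest "$(minikube ip):5000/webhook-cve-2022-0811:latest"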

Deploy:

cd kustomize/
kustomize build | kubectl apply -f -

Test

Create the following pod:

apiVersion: v1
kind: Pod
metadata:
  name: sysctl-set
  namespace: default
spec:
  securityContext:
    sysctls:
    - name: kernel.shm_rmid_forced
      value: "1+kernel.core_pattern"
  containers:
  - name: test
    image: k8s.gcr.io/pause:3.2
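
The check this README describes, applied to the test pod above, as an added example that is not the project's own code. It assumes the rule is "deny any sysctl value containing `+` or `=`"; the type and function names and the request UID are illustrative, and only the standard library is used.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Only the admission.k8s.io/v1 fields this check needs.
type request struct {
	UID    string `json:"uid"`
	Object struct {
		Spec struct {
			SecurityContext struct {
				Sysctls []struct{ Name, Value string } `json:"sysctls"`
			} `json:"securityContext"`
		} `json:"spec"`
	} `json:"object"`
}
type response struct {
	UID     string            `json:"uid"`
	Allowed bool              `json:"allowed"`
	Status  map[string]string `json:"status,omitempty"`
}

// decide builds the "response" object for one AdmissionReview body (assumed rule: no '+' or '=').
func decide(body []byte) (response, error) {
	var in struct{ Request *request }
	if err := json.Unmarshal(body, &in); err != nil || in.Request == nil {
		return response{}, fmt.Errorf("bad AdmissionReview (err=%v)", err)
	}
	out := response{UID: in.Request.UID, Allowed: true} // uid must echo the request
	for _, s := range in.Request.Object.Spec.SecurityContext.Sysctls {
		if strings.ContainsAny(s.Value, "+=") { // characters that let a value carry a second sysctl
			out.Allowed = false
			out.Status = map[string]string{"message": "sysctl " + s.Name + ": value contains '+' or '='"}
		}
	}
	return out, nil
}

// Constructed request carrying the sysctl of the test pod on this page.
const sample = `{"apiVersion":"admission.k8s.io/v1","kind":"AdmissionReview","request":{"uid":"constructed-uid-1","object":{"spec":{"securityContext":{"sysctls":[{"name":"kernel.shm_rmid_forced","value":"1+kernel.core_pattern"}]}}}}}`

func main() {
	out, err := decide([]byte(sample))
	b, _ := json.Marshal(out)
	fmt.Println(string(b), err)
}
```

A real webhook wraps the returned object in an AdmissionReview with the same `apiVersion` and `kind` as the request and serves it over TLS.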